Fixing vulnerabilities in applications

Expand all | Collapse all

If you have selected Find and install required updates on the Update management settings page of the quick start wizard, the Install required updates and fix vulnerabilities task is created automatically. The task is displayed in the workspace of the Managed devices folder, on the Tasks tab.

Otherwise, you can do any of the following:

A user interaction may be required when you update a third-party application or fix a vulnerability in a third-party application on a managed device. For example, the user may be prompted to close the third-party application if it is currently open.

Fixing vulnerabilities by creating a vulnerability fix task

You can do any of the following:

To fix vulnerabilities that meet certain rules:

  1. In the console tree, select Administration Server on devices for which you want to fix vulnerabilities.
  2. In the View menu of the main application window, select Configure interface.
  3. In the window that opens, select the Display Vulnerability and Patch Management check box, and then click OK.
  4. In the window with the application message, click OK.
  5. Restart the Administration Console, so the changes take effect.
  6. In the console tree, select the Managed devices folder.
  7. In the workspace, select the Tasks tab.
  8. Click the Create a task button to run the New task wizard. Follow the steps of the wizard.
  9. On the Select the task type page of the wizard, select Install required updates and fix vulnerabilities.

    If the task is not displayed, check whether your account has the Read, Modify, and Execute rights for the System management: Vulnerability and patch management functional area. You cannot create and configure the Install required updates and fix vulnerabilities task without these access rights.

  10. On the Settings page of the wizard, specify the task settings as follows:
    • Specify rules for installing updates
    • Start installation at device restart or shutdown
    • Install required general system components
    • Allow installation of new application versions during updates
    • Download updates to the device without installing them
      • Download updates to
    • Enable advanced diagnostics
      • Maximum size, in MB, of advanced diagnostics files
  11. On the Selecting an operating system restart option page of the wizard, select the action to perform when the operating system on client devices must be restarted after the operation:
    • Do not restart the device
    • Restart the device
    • Prompt user for action
      • Repeat prompt every (min)
      • Restart after (min)
    • Force closure of applications in blocked sessions
  12. On the Configure task schedule page of the wizard, you can create a schedule for task start. If necessary, specify the following settings:
    • Scheduled start:
      • Every N hours
      • Every N days
      • Every N weeks
      • Every N minutes
      • Daily (daylight saving time is not supported)
      • Weekly
      • By days of week
      • Monthly
      • Manually
      • Every month on specified days of selected weeks
      • On virus outbreak
      • On completing another task
    • Run missed tasks
    • Use automatically randomized delay for task starts
    • Use randomized delay for task starts within an interval of (min)
  13. On the Define the task name page of the wizard, specify the name for the task that you are creating. A task name cannot be more than 100 characters long and cannot include any special characters ("*<>?\:|).
  14. On the Finish task creation page of the wizard, click the Finish button to close the wizard.

    If you want the task to start as soon as the wizard finishes, select the Run the task after the wizard finishes check box.

After the wizard completes its operation, the Install required updates and fix vulnerabilities task is created and displayed in the Tasks folder.

In addition to the settings that you specify during task creation, you can change other properties of a created task.

If the task results contain the 0x80240033 "Windows Update Agent error 80240033 ("License terms could not be downloaded.")" error, you can resolve this issue through the Windows Registry.

To fix a specific vulnerability and similar ones:

  1. In the AdvancedApplication management folder in the console tree, select the Software vulnerabilities subfolder.
  2. Select the vulnerability that you want to fix.
  3. Click the Run Vulnerability fix wizard button.

    The Vulnerability fix wizard starts.

    The Vulnerability fix wizard features are only available under the Vulnerability and patch management license.

    Follow the steps of the wizard.

  4. In the Search for existing vulnerability fix tasks window, specify the following parameters:
    • Show only tasks that fix this vulnerability
    • Approve updates that fix this vulnerability
  5. If you choose to search for existing vulnerability fix tasks and if the search retrieves some tasks, you can view properties of these tasks or start them manually. No further actions are required.

    Otherwise, click the New vulnerability fix task button.

  6. Select the type of the vulnerability fix rule to be added to the new task, and then click the Finish button.
  7. Make your choice in the displayed prompt about installing all previous application updates. Click Yes if you agree to the installation of successive application versions incrementally if this is required for installing the selected updates. Click No if you want to update applications in a straightforward fashion, without installing successive versions. If installing the selected updates is not possible without installing previous versions of applications, the updating of the application fails.

    The Updates installation and vulnerabilities fix task creation wizard starts. Follow the steps of the wizard.

  8. On the Selecting an operating system restart option page of the wizard, select the action to perform when the operating system on client devices must be restarted after the operation:
    • Do not restart the device
    • Restart the device
    • Prompt user for action
      • Repeat prompt every (min)
      • Restart after (min)
    • Force closure of applications in blocked sessions
  9. On the Select devices to which the task will be assigned page of the wizard, select one of the following options:
    • Select networked devices detected by Administration Server
    • Specify device addresses manually or import addresses from a list
    • Assign task to a device selection
    • Assign task to an administration group
  10. On the Configure task schedule page of the wizard, you can create a schedule for task start. If necessary, specify the following settings:
    • Scheduled start:
      • Every N hours
      • Every N days
      • Every N weeks
      • Every N minutes
      • Daily (daylight saving time is not supported)
      • Weekly
      • By days of week
      • Monthly
      • Manually
      • Every month on specified days of selected weeks
      • On virus outbreak
      • On completing another task
    • Run missed tasks
    • Use automatically randomized delay for task starts
    • Use randomized delay for task starts within an interval of (min)
  11. On the Define the task name page of the wizard, specify the name for the task that you are creating. A task name cannot be more than 100 characters long and cannot include any special characters ("*<>?\:|).
  12. On the Finish task creation page of the wizard, click the Finish button to close the wizard.

    If you want the task to start as soon as the wizard finishes, select the Run the task after the wizard finishes check box.

When the wizard completes, the Install required updates and fix vulnerabilities task is created and displayed in the Tasks folder.

In addition to the settings that you specify during task creation, you can change other properties of a created task.

Fixing a vulnerability by adding a rule to an existing vulnerability fix task

To fix a vulnerability by adding a rule to an existing vulnerability fix task:

  1. In the AdvancedApplication management folder in the console tree, select the Software vulnerabilities subfolder.
  2. Select the vulnerability that you want to fix.
  3. Click the Run Vulnerability fix wizard button.

    The Vulnerability fix wizard starts.

    The Vulnerability fix wizard features are only available under the Vulnerability and patch management license.

    Follow the steps of the wizard.

  4. In the Search for existing vulnerability fix tasks window, specify the following parameters:
    • Show only tasks that fix this vulnerability
    • Approve updates that fix this vulnerability
  5. If you choose to search for existing vulnerability fix tasks and if the search retrieves some tasks, you can view properties of these tasks or start them manually. No further actions are required.

    Otherwise, click the Add vulnerability fix rule to existing task button.

  6. Select the task to which you want to add a rule, and then click the Add rule button.

    Also, you can view properties of the existing tasks, start them manually, or create a new task.

  7. Select the type of rule to be added to the selected task, and then click the Finish button.
  8. Make your choice in the displayed prompt about installing all previous application updates. Click Yes if you agree to the installation of successive application versions incrementally if this is required for installing the selected updates. Click No if you want to update applications in a straightforward fashion, without installing successive versions. If installing the selected updates is not possible without installing previous versions of applications, the updating of the application fails.

A new rule for fixing the vulnerability is added to the existing Install required updates and fix vulnerabilities task.

See also:

Scenario: Updating third-party software

Scenario: Finding and fixing third-party software vulnerabilities

Page top